CVE-2025-12509

Summary

On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.

Affected Software

VendorProductVersion RangeStatus
BizerbaBRAIN20.0 < 3.07affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Workarounds

BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References